Update 25/May: Included instructions for obfs4 and obfs3

After a few months of running a middle relay node, I decided to reflect upon my effort upon helping the community and whether I should continue or close down my relay.

Tor node status image

Having bandwidth to throw at the Tor Project I initially gave my node 50Mb/s Up and 50Mb/s down. After about a week of running the node I barely saw any usage as tor does a slow ramp up of bandwidth. 20kb/s to 50kb/s on average. Then after 2 weeks I was given “Guard” status, and all of my dreams came true, I was a true participant in the tor network.

I soon realised that my bandwidth would not be the issue, my monthly quota would be. I seemed to be getting a lot of traffic through my node,and did a few maths problems and realised I would hit my allocated bandwidth way before the month was going to end. So after a quick stop off by my hosting providers ‘Add-ons’ section and $6.50/month later, I quickly re-enabled my tor node but in the few days off it being off, I had lost my Guard status.

The downside of running a tor-node that is an active participant (which announces itself to the network so people can find it) is that your IP of that server will evidently get blocked at some point in time. I knew, as do all tor users know, that people block the tor network. But this is the first time I’ve seen someone flat out block the tor network indiscriminately. Whether they are an exit node, or just a middle relay. I only found this out by proxying though my VPS when I was fixing a SQL error and forgot that I was still proxying.

SAP Network To confirm my suspicions a quick wget to their site turns into:

Connecting to scn.sap.com (scn.sap.com)|155.56.59.186|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://scn.sap.com/tor-access-rejected.html [following]
--2015-04-XX XX:XX:XX--  http://scn.sap.com/tor-access-rejected.html

Well… I’ve now blocked scn.sap.com from my edge router, but that got me wondering. I have never been an exit node, so why the hell are they blocking me! It seems they are using the tor DNSBL by Dan. For more information on the blocklist checkout his site here. Many people believe that anything to-do with tor is inherently bad. Which is of course, not the case. Sure there are people that may use the tor network for illegal or nefarious purposes, but cmon… There is no real reason to block every tor IP. Many people use tor as a means to access information which governments and corporations restrict. Others use tor as a way to protect their online identity. As this online world becomes more and more about corporations knowing everything they can about their users, users are trying to fight back. I am not the first to come to these realisations, and I wont be the last.

So if you’ve managed to not get turned off on joined the tor community, please read on, your only 7 commands away from running a node! (Including the start command)

Setup a tor node:

If you’d like to setup a tor node, and run a ubuntu/debian box, it’s as simple as checking out the Tor Install Instructions. Or copy/paste the following into a root terminal.

echo "deb http://deb.torproject.org/torproject.org wheezy main" >> /etc/apt/sources.list.d/tor.list
echo "deb-src http://deb.torproject.org/torproject.org wheezy main" >> /etc/apt/sources.list.d/tor.list
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
apt-get update
apt-get install tor obfs4proxy deb.torproject.org-keyring tor-arm

Next add the following into /etc/tor/torrc

DisableDebuggerAttachment 0
ContactInfo XXXXXX at XXXXXX
# 2TB Up and 2TB Down
AccountingMax 1932735283200
SocksPort 0
ExtORPort auto
Nickname XXXXX
# 100MBit Connection
RelayBandwidthBurst 20971520
RelayBandwidthRate 10485760
BandwidthRate 10485760
BandwidthBurst 20971520
Log notice file /var/log/tor/notices.log
# Comment out the following line to allow traffic to exit your node.
ExitPolicy reject *:*
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy managed
# Optional, but highly recommended - Uncomment to become a bridge, (a "hidden" relay which doesn't advertise itself as a regular relay). 
# https://www.torproject.org/docs/bridges for more info
# BridgeRelay 1

And then start tor, and double check the log file

service tor start && tail -f /var/log/tor/notices.log

Make sure it shows that its working!

Bootstrapped 100%: Done.

Registered server transport ‘obfs3’ at ‘0.0.0.0:12345’

Registered server transport ‘obfs4’ at ‘0.0.0.0:12344’

If you would like to see a graphical representation of your current traffic (such as the program above) run:

arm

Or to run arm with the same privledges as the relay:

sudo -u debian-tor arm

You have now installed Tor, with obfs3 and obsf4s; a transport obfuscation mechanism. It makes all the tor traffic look like normal SSL traffic. This ensures people in countries such as China which governments employ a firewall with deep packet inspection cannot easily tell (at the current time of the post) the difference between Tor, and SSL traffic.